Server side request forgery (ssrf)

The actionSendErrorReport method in protected/controllers/SiteController.php in X2Engine 2.8 through 4.1.7 allows remote attackers to conduct PHP object injection and Server-Side Request Forgery SSRF attacks via crafted serialized data in the report parameter...

CVE-2014-5297

The actionSendErrorReport method in protected/controllers/SiteController.php in X2Engine 2.8 through 4.1.7 allows remote attackers to conduct PHP object injection and Server-Side Request Forgery SSRF attacks via crafted serialized data in the report parameter...

CVE-2014-5297

The CVE-2014-5297 entry affects X2Engine 2.8–4.1.7, specifically the actionSendErrorReport method in protected/controllers/SiteController.php. The vulnerability arises from taking user-supplied data in the POST parameter report, applying base64_decode followed by unserialize without proper saniti...

X2Engine 4.1.7 PHP Object Injection

------------------------------------------------------------------------- X2Engine = 4.1.7 SiteController.php PHP Object Injection Vulnerability ------------------------------------------------------------------------- - Software Link: http://www.x2engine.com/ - Affected Versions: All versions fr...

CVE-2014-3541

The Repositories component in Moodle through 2.3.11, 2.4.x before 2.4.11, 2.5.x before 2.5.7, 2.6.x before 2.6.4, and 2.7.x before 2.7.1 allows remote attackers to conduct PHP object injection attacks and execute arbitrary code via serialized data associated with an add-on...

CVE-2014-3541

The Repositories component in Moodle through 2.3.11, 2.4.x before 2.4.11, 2.5.x before 2.5.7, 2.6.x before 2.6.4, and 2.7.x before 2.7.1 allows remote attackers to conduct PHP object injection attacks and execute arbitrary code via serialized data associated with an add-on...

Design/Logic Flaw

The Repositories component in Moodle through 2.3.11, 2.4.x before 2.4.11, 2.5.x before 2.5.7, 2.6.x before 2.6.4, and 2.7.x before 2.7.1 allows remote attackers to conduct PHP object injection attacks and execute arbitrary code via serialized data associated with an add-on...

CVE-2014-3541

CVE-2014-3541 affects Moodle’s Repositories component across multiple branches (Moodle 2.3.11; 2.4.x < 2.4.11; 2.5.x < 2.5.7; 2.6.x < 2.6.4; 2.7.x

CVE-2014-3541

The Repositories component in Moodle through 2.3.11, 2.4.x before 2.4.11, 2.5.x before 2.5.7, 2.6.x before 2.6.4, and 2.7.x before 2.7.1 allows remote attackers to conduct PHP object injection attacks and execute arbitrary code via serialized data associated with an add-on...

OpenCart 1.5.6.4 PHP Object Injection

----------------------------------------------------------------- OpenCart session-data'cart' as $key = $quantity 24. $product = explode':', $key; 25. $productid = $product0; 26. $stock = true; 27. 28. // Options 29. if !empty$product1 30. $options = unserializebase64decode$product1; 31. else 32...

Vanilla Forums 2.0 - 2.0.18.5 (class.utilitycontroller.php) - PHP Object Injection Vulnerability

No description provided by source. ------------------------------------------------------------------------------------------- Vanilla Forums = 2.0.18.5 class.utilitycontroller.php PHP Object Injection Vulnerability...

CubeCart 5.2.0 (cubecart.class.php) PHP Object Injection Vulnerability

No description provided by source. ------------------------------------------------------------------------- CubeCart = 5.2.0 cubecart.class.php PHP Object Injection Vulnerability ------------------------------------------------------------------------- - Software Link: http://www.cubecart.com/ -...

Invision Power Board <= 3.3.4 unserialize Regex Bypass

No description provided by source. ?php / So this is the patch that sanitizes, static public function safeUnserialize $serialized // unserialize will return false for object declared with small cap o // as well as if there is any ws between O and : if isstring $serialized && strpos $serialized, \...

Joomla! <= 3.0.2 (highlight.php) PHP Object Injection Vulnerability

No description provided by source. ------------------------------------------------------------------- Joomla! = 3.0.2 highlight.php PHP Object Injection Vulnerability ------------------------------------------------------------------- - Software Link: http://www.joomla.org/ - Affected Versions:...

CVE-2014-3942

The Color Picker Wizard component in TYPO3 4.5.0 before 4.5.34, 4.7.0 before 4.7.19, 6.0.0 before 6.0.14, and 6.1.0 before 6.1.9 allows remote authenticated editors to execute arbitrary PHP code via a serialized PHP object...

Code injection

The Color Picker Wizard component in TYPO3 4.5.0 before 4.5.34, 4.7.0 before 4.7.19, 6.0.0 before 6.0.14, and 6.1.0 before 6.1.9 allows remote authenticated editors to execute arbitrary PHP code via a serialized PHP object...

CVE-2014-3942

The Color Picker Wizard component in TYPO3 4.5.0 before 4.5.34, 4.7.0 before 4.7.19, 6.0.0 before 6.0.14, and 6.1.0 before 6.1.9 allows remote authenticated editors to execute arbitrary PHP code via a serialized PHP object...

CVE-2014-3942

The Color Picker Wizard component in TYPO3 4.5.0 before 4.5.34, 4.7.0 before 4.7.19, 6.0.0 before 6.0.14, and 6.1.0 before 6.1.9 allows remote authenticated editors to execute arbitrary PHP code via a serialized PHP object...

CVE-2013-1397

Symfony 2.0.x before 2.0.22, 2.1.x before 2.1.7, and 2.2.x remote attackers to execute arbitrary PHP code via a serialized PHP object to the 1 Yaml::parse or 2 Yaml\Parser::parse function, a different vulnerability than CVE-2013-1348...

Design/Logic Flaw

Symfony 2.0.x before 2.0.22, 2.1.x before 2.1.7, and 2.2.x remote attackers to execute arbitrary PHP code via a serialized PHP object to the 1 Yaml::parse or 2 Yaml\Parser::parse function, a different vulnerability than CVE-2013-1348...